fix(neutron): sync paste config
* fix(chart): Import paste.deploy patch and bump chart versions to latest
* Remove paste.deploy config override
* Remove paste.deploy config override for nova and neutron
* Add ovn_metadata image
* Remove orig file and update gitignore
* fix typo in gitignore
---------
Co-authored-by: okozachenko1203 <okozachenko1203@users.noreply.github.com>
diff --git a/charts/nova/Chart.yaml b/charts/nova/Chart.yaml
index 818a9b9..641e158 100644
--- a/charts/nova/Chart.yaml
+++ b/charts/nova/Chart.yaml
@@ -9,4 +9,4 @@
sources:
- https://opendev.org/openstack/nova
- https://opendev.org/openstack/openstack-helm
-version: 0.3.1
+version: 0.3.10
diff --git a/charts/nova/charts/helm-toolkit/Chart.yaml b/charts/nova/charts/helm-toolkit/Chart.yaml
index c1296b9..7d3703e 100644
--- a/charts/nova/charts/helm-toolkit/Chart.yaml
+++ b/charts/nova/charts/helm-toolkit/Chart.yaml
@@ -9,4 +9,4 @@
sources:
- https://opendev.org/openstack/openstack-helm-infra
- https://opendev.org/openstack/openstack-helm
-version: 0.2.51
+version: 0.2.53
diff --git a/charts/nova/charts/helm-toolkit/templates/scripts/_db-init.py.tpl b/charts/nova/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
index 4294d40..6027b95 100644
--- a/charts/nova/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
+++ b/charts/nova/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
@@ -133,8 +133,10 @@
# Create DB User
try:
root_engine.execute(
- "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\' IDENTIFIED BY \'{2}\' {3}".format(
- database, user, password, mysql_x509))
+ "CREATE USER IF NOT EXISTS \'{0}\'@\'%%\' IDENTIFIED BY \'{1}\' {2}".format(
+ user, password, mysql_x509))
+ root_engine.execute(
+ "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\'".format(database, user))
logger.info("Created user {0} for {1}".format(user, database))
except:
logger.critical("Could not create user {0} for {1}".format(user, database))
diff --git a/charts/nova/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/nova/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
index 9597d34..3963bd4 100644
--- a/charts/nova/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
+++ b/charts/nova/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
@@ -214,7 +214,7 @@
fi
# load balance delay
- DELAY=$((1 + ${RANDOM} % 300))
+ DELAY=$((1 + ${RANDOM} % 30))
echo "Sleeping for ${DELAY} seconds to spread the load in time..."
sleep ${DELAY}
@@ -231,31 +231,17 @@
return 2
fi
- # load balance delay
- DELAY=$((1 + ${RANDOM} % 300))
- echo "Sleeping for ${DELAY} seconds to spread the load in time..."
- sleep ${DELAY}
-
- # Calculation remote file SHA256 hash
- REMOTE_FILE=$(mktemp -p /tmp)
- openstack object save --file ${REMOTE_FILE} $CONTAINER_NAME $FILE
- if [[ $? -ne 0 ]]; then
- log WARN "${DB_NAME}_backup" "Unable to save container object $FILE for SHA256 hash verification."
- rm -rf ${REMOTE_FILE}
- return 1
- fi
-
# Remote backup verification
- SHA256_REMOTE=$(cat ${REMOTE_FILE} | sha256sum | awk '{print $1}')
- SHA256_LOCAL=$(cat ${FILEPATH}/${FILE} | sha256sum | awk '{print $1}')
- log INFO "${DB_NAME}_backup" "Calculated SHA256 hashes for the file $FILE in container $CONTAINER_NAME."
- log INFO "${DB_NAME}_backup" "Local SHA256 hash is ${SHA256_LOCAL}."
- log INFO "${DB_NAME}_backup" "Remote SHA256 hash is ${SHA256_REMOTE}."
- if [[ "${SHA256_LOCAL}" == "${SHA256_REMOTE}" ]]; then
- log INFO "${DB_NAME}_backup" "The local backup & remote backup SHA256 hash values are matching for file $FILE in container $CONTAINER_NAME."
+ MD5_REMOTE=$(openstack object show $CONTAINER_NAME $FILE -f json | jq -r ".etag")
+ MD5_LOCAL=$(cat ${FILEPATH}/${FILE} | md5sum | awk '{print $1}')
+ log INFO "${DB_NAME}_backup" "Obtained MD5 hash for the file $FILE in container $CONTAINER_NAME."
+ log INFO "${DB_NAME}_backup" "Local MD5 hash is ${MD5_LOCAL}."
+ log INFO "${DB_NAME}_backup" "Remote MD5 hash is ${MD5_REMOTE}."
+ if [[ "${MD5_LOCAL}" == "${MD5_REMOTE}" ]]; then
+ log INFO "${DB_NAME}_backup" "The local backup & remote backup MD5 hash values are matching for file $FILE in container $CONTAINER_NAME."
else
- log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup sha256 hash values"
- return 1
+ log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values"
+ return 2
fi
rm -rf ${REMOTE_FILE}
diff --git a/charts/nova/requirements.lock b/charts/nova/requirements.lock
index 75ab5ad..45f58d3 100644
--- a/charts/nova/requirements.lock
+++ b/charts/nova/requirements.lock
@@ -1,6 +1,6 @@
dependencies:
- name: helm-toolkit
repository: file://../../openstack-helm-infra/helm-toolkit
- version: 0.2.51
-digest: sha256:9fe05ff9103d825422e13cdd8ce9852c3dacfadc12751b7883affdbe483b1b3b
-generated: "2023-01-30T23:09:59.565900423Z"
+ version: 0.2.53
+digest: sha256:f8f4fbba6f638b79447f7e458933b07deb792ae30a14df5900bde542cf0e64a6
+generated: "2023-05-16T04:42:22.712454279Z"
diff --git a/charts/nova/templates/bin/_ssh-start.sh.tpl b/charts/nova/templates/bin/_ssh-start.sh.tpl
index abbf9f0..562da44 100644
--- a/charts/nova/templates/bin/_ssh-start.sh.tpl
+++ b/charts/nova/templates/bin/_ssh-start.sh.tpl
@@ -35,4 +35,6 @@
rm /tmp/sshd_config_extend
+mkdir -p /run/sshd
+
exec /usr/sbin/sshd -D -e -o Port=$SSH_PORT
diff --git a/charts/nova/templates/configmap-etc.yaml b/charts/nova/templates/configmap-etc.yaml
index 12ad86c..b7638e5 100644
--- a/charts/nova/templates/configmap-etc.yaml
+++ b/charts/nova/templates/configmap-etc.yaml
@@ -81,6 +81,10 @@
{{- end -}}
+{{- if not .Values.conf.paste }}
+{{- $_ := set $envAll.Values.conf.nova.wsgi "api_paste_config" "/var/lib/openstack/etc/nova/api-paste.ini" -}}
+{{- end }}
+
{{- if empty .Values.conf.nova.database.connection -}}
{{- $connection := tuple "oslo_db" "internal" "nova" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" -}}
{{- if .Values.manifests.certificates -}}
@@ -270,7 +274,9 @@
type: Opaque
data:
rally_tests.yaml: {{ toYaml .Values.conf.rally_tests.tests | b64enc }}
+ {{- if .Values.conf.paste }}
api-paste.ini: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.paste | b64enc }}
+ {{- end }}
policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
nova_sudoers: {{ $envAll.Values.conf.nova_sudoers | b64enc }}
rootwrap.conf: {{ .Values.conf.rootwrap | b64enc }}
diff --git a/charts/nova/templates/deployment-api-metadata.yaml b/charts/nova/templates/deployment-api-metadata.yaml
index e7039f5..1d74685 100644
--- a/charts/nova/templates/deployment-api-metadata.yaml
+++ b/charts/nova/templates/deployment-api-metadata.yaml
@@ -142,10 +142,12 @@
subPath: {{ base .Values.conf.nova.DEFAULT.log_config_append }}
readOnly: true
{{- end }}
+ {{- if .Values.conf.paste }}
- name: nova-etc
mountPath: /etc/nova/api-paste.ini
subPath: api-paste.ini
readOnly: true
+ {{- end }}
- name: nova-etc
mountPath: /etc/nova/policy.yaml
subPath: policy.yaml
diff --git a/charts/nova/templates/deployment-api-osapi.yaml b/charts/nova/templates/deployment-api-osapi.yaml
index 4cb6744..df57940 100644
--- a/charts/nova/templates/deployment-api-osapi.yaml
+++ b/charts/nova/templates/deployment-api-osapi.yaml
@@ -114,10 +114,12 @@
subPath: {{ base .Values.conf.nova.DEFAULT.log_config_append }}
readOnly: true
{{- end }}
+ {{- if .Values.conf.paste }}
- name: nova-etc
mountPath: /etc/nova/api-paste.ini
subPath: api-paste.ini
readOnly: true
+ {{- end }}
- name: nova-etc
mountPath: /etc/nova/policy.yaml
subPath: policy.yaml
diff --git a/charts/nova/templates/deployment-spiceproxy.yaml b/charts/nova/templates/deployment-spiceproxy.yaml
index e430d25..2c65401 100644
--- a/charts/nova/templates/deployment-spiceproxy.yaml
+++ b/charts/nova/templates/deployment-spiceproxy.yaml
@@ -17,7 +17,7 @@
port: {{ tuple "compute_spice_proxy" "internal" "spice_proxy" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- end }}
-{{- define "novaSpiceproxyReadynessProbeTemplate" }}
+{{- define "novaSpiceproxyReadinessProbeTemplate" }}
tcpSocket:
port: {{ tuple "compute_spice_proxy" "internal" "spice_proxy" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- end }}
diff --git a/charts/nova/values.yaml b/charts/nova/values.yaml
index 26841a4..b725160 100644
--- a/charts/nova/values.yaml
+++ b/charts/nova/values.yaml
@@ -796,57 +796,7 @@
sla:
failure_rate:
max: 0
- paste:
- composite:metadata:
- use: egg:Paste#urlmap
- /: meta
- pipeline:meta:
- pipeline: cors metaapp
- app:metaapp:
- paste.app_factory: nova.api.metadata.handler:MetadataRequestHandler.factory
- composite:osapi_compute:
- use: call:nova.api.openstack.urlmap:urlmap_factory
- /: oscomputeversions
- /v2: openstack_compute_api_v21_legacy_v2_compatible
- /v2.1: openstack_compute_api_v21
- composite:openstack_compute_api_v21:
- use: call:nova.api.auth:pipeline_factory_v21
- noauth2: cors http_proxy_to_wsgi compute_req_id faultwrap sizelimit noauth2 osapi_compute_app_v21
- keystone: cors http_proxy_to_wsgi compute_req_id faultwrap sizelimit authtoken audit keystonecontext osapi_compute_app_v21
- composite:openstack_compute_api_v21_legacy_v2_compatible:
- use: call:nova.api.auth:pipeline_factory_v21
- noauth2: cors http_proxy_to_wsgi compute_req_id faultwrap sizelimit noauth2 legacy_v2_compatible osapi_compute_app_v21
- keystone: cors http_proxy_to_wsgi compute_req_id faultwrap sizelimit authtoken audit keystonecontext legacy_v2_compatible osapi_compute_app_v21
- filter:request_id:
- paste.filter_factory: oslo_middleware:RequestId.factory
- filter:compute_req_id:
- paste.filter_factory: nova.api.compute_req_id:ComputeReqIdMiddleware.factory
- filter:faultwrap:
- paste.filter_factory: nova.api.openstack:FaultWrapper.factory
- filter:noauth2:
- paste.filter_factory: nova.api.openstack.auth:NoAuthMiddleware.factory
- filter:sizelimit:
- paste.filter_factory: oslo_middleware:RequestBodySizeLimiter.factory
- filter:http_proxy_to_wsgi:
- paste.filter_factory: oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory
- filter:legacy_v2_compatible:
- paste.filter_factory: nova.api.openstack:LegacyV2CompatibleWrapper.factory
- app:osapi_compute_app_v21:
- paste.app_factory: nova.api.openstack.compute:APIRouterV21.factory
- pipeline:oscomputeversions:
- pipeline: faultwrap http_proxy_to_wsgi oscomputeversionapp
- app:oscomputeversionapp:
- paste.app_factory: nova.api.openstack.compute.versions:Versions.factory
- filter:cors:
- paste.filter_factory: oslo_middleware.cors:filter_factory
- oslo_config_project: nova
- filter:keystonecontext:
- paste.filter_factory: nova.api.auth:NovaKeystoneContext.factory
- filter:authtoken:
- paste.filter_factory: keystonemiddleware.auth_token:filter_factory
- filter:audit:
- paste.filter_factory: keystonemiddleware.audit:filter_factory
- audit_map_file: /etc/nova/api_audit_map.conf
+ paste: {}
policy: {}
nova_sudoers: |
# This sudoers file supports rootwrap for both Kolla and LOCI Images.
@@ -1399,6 +1349,7 @@
auth_type: password
auth_version: v3
memcache_security_strategy: ENCRYPT
+ service_type: compute
notifications:
notify_on_state_change: vm_and_task_state
service_user:
@@ -2164,6 +2115,9 @@
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
+ - key: node-role.kubernetes.io/control-plane
+ operator: Exists
+ effect: NoSchedule
mounts:
nova_compute:
init_container: null